I tried to configurate the user authentication with the org.jboss.security.auth.spi.LdapLoginModule against a LDAP Directory. The Authentification works correctly. If the user is authorizied the ldap search for the role and delivered success, but no rolename. So the user will get a "HTTP Status 403 - Access to the requested resource has been denied" error. I trace the kommuniction with ldap an the Server send the right statements, which i had tested in LDAP directly. With the DN the group and the role attribute which contains the roleName were found.

Can anyone help me, why ldap returns no role but success ? How can I trace the returnvale in log4j ?